Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

I knew that the level of stupidity among government officials had reached a new all-time high when I couldn’t find a Demotivators poster at Despair Inc. that fit the situation. But sometimes there is a level of total absence of thought, such cluelessness, that mere words fail. But with that in mind, we’ll talk about the general and his email anyway.

By now you have probably figured out that I’m talking about the former head of the Central Intelligence Agency, who carried on an illicit affair for months using Google’s Gmail as the medium for their secret communications. Leaving aside the warning I delivered recently since anyone clueless enough to use Gmail for secrets is probably too clueless to read eWEEK, you’d think that the head of the CIA would know with deep certainty how insecure email is.

But apparently the lesson went unlearned, so for you spymasters and others who haven’t figured this out, here it is again. Pay close attention: Email is not secure. See, I even used bold print so you’d notice. To put it another way, do not use email for anything that you don’t want to see on the front page of The Washington Post.

I’d like to say that this is a recent revelation, but I first wrote this warning in a column I wrote in Byte Magazine back in the mid-1980s. Email’s lack of security hasn’t changed, and I don’t think it is ever likely to change.

Further reading

While it’s true that many email systems encrypt the email they carry between the time it leaves your computer or smartphone and arrives at their email server, that’s all there is when it comes to security. There’s a good chance that the email on your company’s server is also encrypted, but there’s no guarantee. And you have no way of knowing whether the email service that’s being used by the recipient of your email has any encryption at all.

That’s bad enough, but it gets worse. Depending on your email client, there’s a pretty good chance there’s a copy of most of your email on your computer, and that includes email you’ve sent, email that you’ve received and even email that you thought you’d erased. There’s also a copy of everything you’ve sent or received on the servers of your email provider and on the servers and computers of the person at the other end. All of that email might be hard for you to find, but trust me when I tell you it’s only a subpoena away.

But, of course, it gets worse than that. Let’s assume, for now, that the various government officials involved in recent email scandals weren’t sending clear text messages while using the open WiFi at their local coffee shop. That email still has to go to someone else, and you have to trust that the someone else you’re sending email to will never decide to share it.

As is the case with most security issues, the people involved are the least secure part of the equation. So let’s say you send a deeply personal email message to someone in a situation where that message or the fact that you sent it would be perceived as a Bad Thing. Now suppose that the recipient, being deeply touched by whatever personal feelings you shared, decides to save the message.

How do they save this message? Just leaving it in their inbox is bad enough for your secrets, but maybe they wanted something more permanent. So they saved it as a file on their hard disk, where it’s backed up. Or they printed the email and stuck it to the fridge with a magnet. Or maybe, so overwhelmed by what a sensitive feeling person you are, decided to share it with their best friend. Or maybe they share it with all of their friends. On Facebook.

Or maybe, after the initial ardor has cooled they share it with their lawyer. Or they share it with The Washington Post. Or the FBI. Or maybe you have to take your computer in for service and the guy at the computer repair place wants a few brownie points with the feds. You see where this is going.

The fact is that sharing secrets by email has so many points of failure that it’s easy to lose count. So don’t use it for secrets unless you have a very good means of encryption and actually use it to encrypt your email.

There are a couple of other things you can do to keep the world from finding out how stupid you were. First, if you do something dumb, don’t talk about it and don’t email it. Second, if you must communicate about it, do it in writing on paper where you’ve created the text by hand. If you can’t wait long enough to write a letter, then discuss the situation verbally in person after you’ve confirmed that the other person doesn’t have a listening device (a cell phone for example) in range.

Does this sound really paranoid? It should, but if you persist in doing dumb things then either be prepared for them to become public, or make sure they stay secret by not discussing them. And yes, the CIA can intercept email. Don’t you think the director would know that?

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.